% Licensed under the Apache License, Version 2.0 (the "License"); you may not
% use this file except in compliance with the License. You may obtain a copy of
% the License at
%
%   http://www.apache.org/licenses/LICENSE-2.0
%
% Unless required by applicable law or agreed to in writing, software
% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
% License for the specific language governing permissions and limitations under
% the License.

-module(chttpd_external).

-compile(tuple_calls).

-export([send_external_response/2]).
-export([json_req_obj_fields/0, json_req_obj/2, json_req_obj/3, json_req_obj/4]).
-export([default_or_content_type/2, parse_external_response/1]).

-import(chttpd, [send_error/4]).

-include_lib("couch/include/couch_db.hrl").

json_req_obj(Req, Db) ->
    json_req_obj(Req, Db, null).
json_req_obj(Req, Db, DocId) ->
    json_req_obj(Req, Db, DocId, all).
json_req_obj(Req, Db, DocId, all) ->
    Fields = json_req_obj_fields(),
    json_req_obj(Req, Db, DocId, Fields);
json_req_obj(#httpd{} = Req, Db, DocId, Fields) when is_list(Fields) ->
    MochiReq =
        case scrub_json_request() of
            true -> chttpd_util:scrub_mochiweb_client_req(Req#httpd.mochi_req);
            false -> Req#httpd.mochi_req
        end,
    Req1 = Req#httpd{mochi_req = MochiReq},
    {[{Field, json_req_obj_field(Field, Req1, Db, DocId)} || Field <- Fields]}.

json_req_obj_fields() ->
    [
        <<"info">>,
        <<"uuid">>,
        <<"id">>,
        <<"method">>,
        <<"requested_path">>,
        <<"path">>,
        <<"raw_path">>,
        <<"query">>,
        <<"headers">>,
        <<"body">>,
        <<"peer">>,
        <<"form">>,
        <<"cookie">>,
        <<"userCtx">>,
        <<"secObj">>
    ].

json_req_obj_field(<<"info">>, #httpd{}, Db, _DocId) ->
    {ok, Info} = get_db_info(Db),
    {Info};
json_req_obj_field(<<"uuid">>, #httpd{}, _Db, _DocId) ->
    couch_uuids:new();
json_req_obj_field(<<"id">>, #httpd{}, _Db, DocId) ->
    DocId;
json_req_obj_field(<<"method">>, #httpd{method = Method}, _Db, _DocId) ->
    Method;
json_req_obj_field(<<"requested_path">>, #httpd{requested_path_parts = Path}, _Db, _DocId) ->
    Path;
json_req_obj_field(<<"path">>, #httpd{path_parts = Path}, _Db, _DocId) ->
    Path;
json_req_obj_field(<<"raw_path">>, #httpd{mochi_req = Req}, _Db, _DocId) ->
    ?l2b(Req:get(raw_path));
json_req_obj_field(<<"query">>, #httpd{mochi_req = Req}, _Db, _DocId) ->
    json_query_keys(to_json_terms(Req:parse_qs()));
json_req_obj_field(<<"headers">>, #httpd{mochi_req = Req}, _Db, _DocId) ->
    Headers = Req:get(headers),
    Hlist = mochiweb_headers:to_list(Headers),
    to_json_terms(Hlist);
json_req_obj_field(<<"body">>, #httpd{req_body = undefined, mochi_req = Req}, _Db, _DocId) ->
    MaxSize = chttpd_util:get_chttpd_config_integer(
        "max_http_request_size", 4294967296
    ),
    try
        Req:recv_body(MaxSize)
    catch
        exit:{shutdown, _} ->
            exit({bad_request, <<"Invalid request body">>});
        exit:normal ->
            exit({bad_request, <<"Invalid request body">>})
    end;
json_req_obj_field(<<"body">>, #httpd{req_body = Body}, _Db, _DocId) ->
    Body;
json_req_obj_field(<<"peer">>, #httpd{peer = undefined, mochi_req = Req}, _, _) ->
    ?l2b(Req:get(peer));
json_req_obj_field(<<"peer">>, #httpd{peer = Peer}, _Db, _DocId) ->
    ?l2b(Peer);
json_req_obj_field(<<"form">>, #httpd{mochi_req = Req, method = Method} = HttpReq, Db, DocId) ->
    Body = json_req_obj_field(<<"body">>, HttpReq, Db, DocId),
    ParsedForm =
        case Req:get_primary_header_value("content-type") of
            "application/x-www-form-urlencoded" ++ _ when
                Method =:= 'POST' orelse Method =:= 'PUT'
            ->
                mochiweb_util:parse_qs(Body);
            _ ->
                []
        end,
    to_json_terms(ParsedForm);
json_req_obj_field(<<"cookie">>, #httpd{mochi_req = Req}, _Db, _DocId) ->
    case scrub_json_request() of
        true -> {[]};
        false -> to_json_terms(Req:parse_cookie())
    end;
json_req_obj_field(<<"userCtx">>, #httpd{}, Db, _DocId) ->
    couch_util:json_user_ctx(Db);
json_req_obj_field(<<"secObj">>, #httpd{user_ctx = UserCtx}, Db, _DocId) ->
    get_db_security(Db, UserCtx).

get_db_info(Db) ->
    case couch_db:is_clustered(Db) of
        true ->
            fabric:get_db_info(Db);
        false ->
            couch_db:get_db_info(Db)
    end.

get_db_security(Db, #user_ctx{}) ->
    case couch_db:is_clustered(Db) of
        true ->
            fabric:get_security(Db);
        false ->
            couch_db:get_security(Db)
    end.

to_json_terms(Data) ->
    to_json_terms(Data, []).
to_json_terms([], Acc) ->
    {lists:reverse(Acc)};
to_json_terms([{Key, Value} | Rest], Acc) when is_atom(Key) ->
    to_json_terms(Rest, [{list_to_binary(atom_to_list(Key)), list_to_binary(Value)} | Acc]);
to_json_terms([{Key, Value} | Rest], Acc) ->
    to_json_terms(Rest, [{list_to_binary(Key), list_to_binary(Value)} | Acc]).

json_query_keys({Json}) ->
    json_query_keys(Json, []).
json_query_keys([], Acc) ->
    {lists:reverse(Acc)};
json_query_keys([{<<"startkey">>, Value} | Rest], Acc) ->
    json_query_keys(Rest, [{<<"startkey">>, ?JSON_DECODE(Value)} | Acc]);
json_query_keys([{<<"endkey">>, Value} | Rest], Acc) ->
    json_query_keys(Rest, [{<<"endkey">>, ?JSON_DECODE(Value)} | Acc]);
json_query_keys([{<<"key">>, Value} | Rest], Acc) ->
    json_query_keys(Rest, [{<<"key">>, ?JSON_DECODE(Value)} | Acc]);
json_query_keys([{<<"descending">>, Value} | Rest], Acc) ->
    json_query_keys(Rest, [{<<"descending">>, ?JSON_DECODE(Value)} | Acc]);
json_query_keys([Term | Rest], Acc) ->
    json_query_keys(Rest, [Term | Acc]).

send_external_response(Req, Response) ->
    #extern_resp_args{
        code = Code,
        data = Data,
        ctype = CType,
        headers = Headers0,
        json = Json
    } = parse_external_response(Response),
    Headers1 = default_or_content_type(CType, Headers0),
    case Json of
        nil ->
            Headers2 = chttpd_util:maybe_add_csp_header("showlist", Headers1, "sandbox"),
            chttpd:send_response(Req, Code, Headers2, Data);
        Json ->
            chttpd:send_json(Req, Code, Headers1, Json)
    end.

parse_external_response({Response}) ->
    lists:foldl(
        fun({Key, Value}, Args) ->
            case {Key, Value} of
                {"", _} ->
                    Args;
                {<<"code">>, Value} ->
                    Args#extern_resp_args{code = Value};
                {<<"stop">>, true} ->
                    Args#extern_resp_args{stop = true};
                {<<"json">>, Value} ->
                    Args#extern_resp_args{
                        json = Value,
                        ctype = "application/json"
                    };
                {<<"body">>, Value} ->
                    Args#extern_resp_args{data = Value, ctype = "text/html; charset=utf-8"};
                {<<"base64">>, Value} ->
                    Args#extern_resp_args{
                        data = base64:decode(Value),
                        ctype = "application/binary"
                    };
                {<<"headers">>, {Headers}} ->
                    NewHeaders = lists:map(
                        fun({Header, HVal}) ->
                            {couch_util:to_list(Header), couch_util:to_list(HVal)}
                        end,
                        Headers
                    ),
                    Args#extern_resp_args{headers = NewHeaders};
                % unknown key
                _ ->
                    Msg = lists:flatten(
                        io_lib:format("Invalid data from external server: ~p", [{Key, Value}])
                    ),
                    throw({external_response_error, Msg})
            end
        end,
        #extern_resp_args{},
        Response
    ).

default_or_content_type(DefaultContentType, Headers) ->
    IsContentType = fun({X, _}) -> string:to_lower(X) == "content-type" end,
    case lists:any(IsContentType, Headers) of
        false ->
            [{"Content-Type", DefaultContentType} | Headers];
        true ->
            Headers
    end.

scrub_json_request() ->
    config:get_boolean("chttpd", "scrub_json_request", true).
